1. Field of the Invention
This invention relates to automated verification and prevention of spoofing for biometric data, such as handwritten signatures.
2. Description of Related Art
When collecting and verifying biometric data, such as handwritten signatures, one attack against security of the verification system is for the attacker to intercept the collection of the biometric data and for the attacker to repeat or "spoof" that identical biometric data in a later unauthorized access attempt. Since the repeated biometric data is identical to true biometric data, it will be accepted by a system which compares the input biometric data against known true biometric data, and the attacker will thus obtain unauthorized access.
One known method, not specific to biometric data, has been to tag authorization request messages with a timestamp, so that later spoofing of the authorization request message is detectable by the verification system. However, while this known method achieves the goal of preventing some spoofing, it is ineffective against spoofing when the attacker is able to obtain the biometric data at a source of entry. For example, where the biometric data is a handwritten signature entered by an authorized person using a pen tablet, this known method would be ineffective when the attacker is able to tap outputs from the pen tablet before they are processed by the verification system.
Accordingly, it would be advantageous to provide an improved method of and system for automated verification of biometric data, in which spoofing of biometric data is detected.